Difference: CASShibInstallation (3 vs. 4)

Revision 42011-11-14 - TWikiAdminUser

Line: 1 to 1
 
META TOPICPARENT name="InstallationGuide"
Line: 10 to 10
 

0.1 Installa SP

Changed:
<
<
For the shibboleth installation use the package manager YUM and install the software.
>
>
For the shibboleth installation you can use the package manager YUM and install the software.
 
 $ yum install shibboleth
Changed:
<
<
After installation start server
>
>
After installation you have to start the server
 
 $ service shibd start
Line: 24 to 24
 

0.1 Configure SP

Changed:
<
<
For configuration go to /etc/shibboleth directory.
>
>
For configuration you have to move in /etc/shibboleth directory.
  If you want that SP support CASShib you must configure the shibboleth2.xml file. Each service needs to have its own protected Shibboleth address for CAS validation. For mapping URLs with services you must add this rows in the shibboleth configuration file.
Line: 41 to 41
 
Changed:
<
<
After this, you configure the section with fake service. This means that if the request don't match the regular expressions return an error page. For configure the registrated services add this lines at the end of shibboleth2.xml file.
>
>
After this, you have to configure the section with fake service. This means that if the request doesn't correspond to the regular expressions return an error page. For configuring the registrated services you have to add these lines at the end of shibboleth2.xml file.
 
<ApplicationOverride id="app1" entityID="https://halfback.cnaf.infn.it/casshib/app1" homeURL="https://halfback . cnaf . infn . it/app1/" REMOTE_USER="shibattr-mail">
Line: 65 to 65
 </ApplicationOverride >
Changed:
<
<
This rows configure the SP for query the IGI IDP with app1 service and INFN AAI with app2 service. The attribute REMOTE_USER specify which IDP's attributes will use for the authentication process in the portal.
>
>
These rows configure the SP for query the IGI IDP with app1 service and INFN AAI with app2 service. The attribute REMOTE_USER is used to specify which IDP's attributes will be used for the authentication process in the portal.
 
Changed:
<
<
Now configure the attribute-map.xml file for define the attribute used by shibboleth. Add this rows at the file.
>
>
Now we have to configure the attribute-map.xml file for defining the attribute used by shibboleth adding the following rows:
 
<afp:AttributeRule attributeID="shibattr&#8722;eppn"> 
Line: 95 to 95
 

1 Apache server

Changed:
<
<
For install a secure comunication for CASShib you neet to install the apache server which acts as a front-end.
>
>
For a secure communication you need to install the apache server which acts as a front-end.
 

0.1 Install Apache

Line: 103 to 103
 
 $ yum install httpd
Deleted:
<
<

After installation start server

  $ service httpd start
Changed:
<
<

0.1 Configure Apache

>
>

0.1 Apache Configuration

 
Changed:
<
<
Add to httpd.conf file this row for enable shibboleth authentication.
>
>
We have to add to httpd.conf file the following rows for enabling shibboleth authentication.
 
##
Line: 122 to 117
 Include /etc/shibboleth/apache22.config
Changed:
<
<
Now comment all the row of apache22.config. Now configure Apache to use SSL. Edit the ssl.conf file in the Apache directory and in the default:443> section add this rows.
>
>
Then we have to comment all the rows of apache22.config. Now configure Apache to use SSL. Edit the ssl.conf file in the Apache directory and in the default:443> section add this rows.
 
UseCanonicalName On
 
TWIKI.NET
This site is powered by the TWiki collaboration platformCopyright © 2008-2024 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback